Qian Li wrote:
Recently, I tried to write a ldap client to do ldap search asynchronously,
but failed to perform search operation after a successful async sasl
(digest-md5) bind.
What's your use-case for having async bind operation?
Note that the bind operation is somewhat special because it establishs a
security context/association.
I compared the captured sync and async packets:
In sync bind, the search packets were encrypted.
In async bind, after sasl (digest-md5) binding to ldap server
asynchronously (by calling ldap_sasl_interactive_bind() twice),
ldap_search_ext() was called. But the search packet was in plain text. Then
the ldap server reset the connection or just didn’t response (in the case
of MSAD).
Note that SASL bind with DIGEST-MD5 does *not* give you any encryption of the
transport channel. Working with MS AD are you looking for SASL/GSSAPI?